1、邹松鹤 思科智能加油站解决方案 2 2015 Cisco and/or its affiliates.All rights reserved.Cisco Confidential 内 容 思科智能加油站解决方案思科物联网路由器介绍总结3 2015 Cisco and/or its affiliates.All rights reserved.Cisco Confidential 智能加油站需求加油站特点和需求：分布广、数量多、人员少无IT维护人员环境差、无专有机房或设备间功能需求全：网络互联、OA办公、话音、视频、无线简化运维解决方案云架构、集中管理、集中运维基于云的方式提供IT服务，总部或二2、级单位统一部署云服务，提供远程服务采用集成度高的智能化设备数据、话音、视频相融合有线无线一体化4 2015 Cisco and/or its affiliates.All rights reserved.Cisco Confidential 思科智能加油站解决方案架构 企业WAN/互联网IPSec VPN 电话视频会议虚拟桌面瘦客户端智能终端/传感器监控摄像协作云桌面云总部/总部/二级单位二级单位 智能路由器AAA Portal 定位 大数据分析 O2O应用 无线控制器 无线云5 2015 Cisco and/or its affiliates.All rights reserved.Cisc3、o Confidential 虚拟桌面云提供桌面办公接入Cisco UCS Platform Hypervisor Desktop O/S App App Data Desktop Virtualization Agent 高性能服务器UCS系统广域网络 业界最高性能虚拟桌面服务器平台 可靠的的云安全防护 广域网流量优化提高虚拟桌面云性能 应用流量的可视化加油站总部数据中心6 2015 Cisco and/or its affiliates.All rights reserved.Cisco Confidential 存储 Storage 计算 Computing 网络 Networking 4、即时消息 IM&P 视频 Video 客户协作 Customer Coll 会议 Meetings 社交 Social 语音 Voice Call Control 目录与邮件集成 AD/Email Integration 业务应用集成 Business Apps 桌面终端 会议室终端 软件终端 桌面终端 软件终端 桌面终端 会议室终端 软件终端 桌面终端 软件终端 广域网络 全业务模块化应用扩展总部协作云7 2015 Cisco and/or its affiliates.All rights reserved.Cisco Confidential 无线云提供无线接入方案架构描述集中部署冗余无5、线控制器集中部署无线管理系统所有加油站AP统一由总部或二级单位管理AP支持即插即用数据集中可控、可视大大简化运维管理NCS/WCS WAN 总部总部或二级单位或二级单位 加油站加油站WLC 互联网8 2015 Cisco and/or its affiliates.All rights reserved.Cisco Confidential 内 容 思科智能加油站解决方案思科物联网路由器介绍总结9 2015 Cisco and/or its affiliates.All rights reserved.Cisco Confidential Cisco 800 系列工业级物联网路由器紧凑型紧凑型6、 工业级工业级丰富的功能丰富的功能 Built for challenging environment shock/vibe,humidity,temperature,dust,IOS 15.5M/T SW release IPv4/IPv6,Routing,Security,QoS,Segmentation(VLAN,VRF),VPN,Small form-factor hardened Gateway 安全保障安全保障 雾计算雾计算 易管理易管理 Linux Guest OS,SCADA protocol translation,IOS comprehensive Network&Secu7、rity Management,Zero Touch Provisioning,IOT Field Network Director/IOK,HW ID,HW crypto,IPsec VPN,Certificate based identity,802.1x,Firewall,Connectivity&Sensors Ethernet,Cellular 3G/4G Serial(RS232/RS485)Wi-Fi a/b/g/n(IR829),GPS,Accelerometer*,Gyrospcope*,Utilities,Oil&Gas,Transportation,PMB,SP IOT/8、M2M -Future proofing IPv6-ready,FOG,BYOI,cisco 809 cisco 829 csico 819 10 2015 Cisco and/or its affiliates.All rights reserved.Cisco Confidential Cisco 809 工业物联网路由器Cellular AUX GPS Cellular MAIN Dual SIM(behind SIM access cover)USB 2.0 Type A port(Guest OS)9.6-60 VDC Power Input 1 x Digital Input Al9、arm Port(HW-Ready)10/100/1000Base-T S0(Async 0):RJ-45 RS232/RS485 Serial Mini-USB Type B Console Port Reset S1(Async 1):RJ-45 RS232 Serial 尺寸尺寸：29.21(H)x 128(W)x 159.2(L)mm29.21(H)x 128(W)x 159.2(L)mm 重量重量:0.77 kg:0.77 kgIP IP 防护等级防护等级:Vertical:IP30 Horizontal:IP31 :Vertical:IP30 Horizontal:IP31 工作温10、度工作温度：-40 to 60C-40 to 60C 11 2015 Cisco and/or its affiliates.All rights reserved.Cisco Confidential 2011 Cisco and/or its affiliates.All rights reserved.Cisco Confidential 11 3G&GPS TNC 12-in-1 Serial 4 FE LAN RP-TNC WLAN GDN Console(top)GE WAN(bottom)Reset switch 8x LEDs Power input Mini-USB Cisc11、o 819 工业物联网路由器 尺寸尺寸：44(H)x 186(W)x 229(L)mm44(H)x 186(W)x 229(L)mm 重量重量:1.54 kg:1.54 kgIP IP 防护等级防护等级:IP41 :IP41 工作温度工作温度：-25 to 60C-25 to 60C 12 2015 Cisco and/or its affiliates.All rights reserved.Cisco Confidential Cisco 829 工业物联网路由器GE1-4 RJ45 Four 10/100/1000 Mbs 30.8W Shared PoE/PoE+option GE0 12、WAN Port(SFP)USB Type A port (Guest OS)9-32 VDC Power Input Ignition Sense(HW-Ready)Cellular 0 AUX WLAN 2.4GHz Ant 0 Cover for expansion slot WLAN 2.4GHz Ant 1 WLAN 5GHz Ant 0 WLAN 5GHz Ant 1 Cellular 0 MAIN Dual SIM GPS Mini-USB Type B Console Port(*)Reset Hidden behind SIM access cover(Hazloc comp13、liance)S0(Async 0):RJ-45 RS232/RS485 Serial S1(Async 1):RJ-45 RS232 Serial 尺寸尺寸：43.9(H)x 279(W)x 196(L)mm43.9(H)x 279(W)x 196(L)mm 重量重量:2 kg:2 kgIP IP 防护等级防护等级:IP40 或IP54（加壳）:IP40 或IP54（加壳）工作温度工作温度：-40 to 60C-40 to 60C防爆等级：Class防爆等级：Class 1,1,DivDiv 2,Groups A B C D 2,Groups A B C D13 2015 Cisco and14、/or its affiliates.All rights reserved.Cisco Confidential Cisco 800 设计架构以829为例双核CPUIntel Rangeley 1.25GHz集成专有加密芯片Intel“QuickAssist”Bulk Encryption(AES,3DES,RC4)Authentication(SHA1,MD5)Public Key Exchanges/RSA内存:2GB DDR3 硬盘:8GB eMMC(physical),4GB usable1 x USB Type A interface(Guest OS)GPSBYOI slot(H15、W Ready)Dual Core CPU with HW Crypto+Memory+Storage Gigabit Ethernet 0 WAN SFP GI 1 Serial 1 RS232 DTE Serial 0 RS232/RS485 DCE/DTE 3G/4G LTE modem+GPS DC Power +Ignition Power Management Accelerometer+Gyroscope Mini-USB Type B Console port USB Type A port Status LEDs IR 829 2nd 3G/4G LTE modem+GPS 16、(roadmap)GI 2 GI 3 GI 4 Gigabit Ethernet ports With POE option AP803 Wi-Fi BYOI slot 14 2015 Cisco and/or its affiliates.All rights reserved.Cisco Confidential 硬件就绪支持USB,PCIe,SATA,SGMII等方便用户未来扩展，开发集成自己的应用Cisco 829 Bring Your Own Interface(BYOI)15 2015 Cisco and/or its affiliates.All rights reserved.17、Cisco Confidential Cisco 800 IOX软件架构FOG computing Distributed intelligence and 3rd party devices GOS operates on HW Core#1 GOS is installed through the IOX bundle install process and can be start/stop and upgraded from IOS CLI Guest OS Yocto Linux Applications ETH0 Cisco distribution is based on Yoc18、to Linux project 1.8 reference Distribution),with basic services enabled:IPv4/IPv6,DHCP,NTP,AAA(Radius),Python 2.7,basic debugging tools(tcpdump,top,etc),bash Linux 64 bits from IOS 15.6(1)T all Guest-OS application developments should leverage this minimum release IR 8x9 IOX IOS GOS Hypervisor IR 819、x9 HW VDS#guest-os 1?image Guest OS bootable image restart Restart Guest OS start Start Guest OS stop Stop Guest OS 16 2015 Cisco and/or its affiliates.All rights reserved.Cisco Confidential 物联网需要分布式计算终端终端 数据中心数据中心/私有云私有云 传统计算模式(Terminal-mainframe,Client-server,Web)17 2015 Cisco and/or its affiliate20、s.All rights reserved.Cisco Confidential 物联网需要分布式计算终端终端、传感器传感器、表计等等表计等等 数据中心数据中心/私有云私有云 物联网计算模式(Data Volume,Security,Resiliency,Latency)雾雾 18 2015 Cisco and/or its affiliates.All rights reserved.Cisco Confidential 雾计算下模式的改变统一集成平台网络计算资源存储CLOUD 云端云端 边缘边缘 存储存储 分析分析 操作操作 通知通知 19 2015 Cisco and/or its af21、filiates.All rights reserved.Cisco Confidential 雾计算架构终端终端、传感器传感器、表计等等表计等等 数据中心数据中心/私有云私有云 物联网计算模式(Data Volume,Security,Resiliency,Latency)FOG Service Routers FOGhorn alerts Hybrid FOG FOG Connect Cisco Powered FOG Services 20 2015 Cisco and/or its affiliates.All rights reserved.Cisco Confidential 雾计22、算的实现终端终端、传感器传感器、表计等等表计等等 数据中心数据中心/私有云私有云 物联网计算模式(Data Volume,Security,Resiliency,Latency)IOxIOx 实现实现 FOG FOG21 2015 Cisco and/or its affiliates.All rights reserved.Cisco Confidential Cisco IOX 系统雾计算的平台通讯通讯+=Best Internetworking 计算计算 Best Open Source IOx BYOI/BYOA:Bring Your Own Interface,Bring Your 23、Own Application 22 2015 Cisco and/or its affiliates.All rights reserved.Cisco Confidential IOx Cisco IOX 系统雾计算的平台Platforms at the Network Edge IOS 操作系统操作系统 分布式应用 IOx SDK and Middleware 服务 应用管理 应用存储 Embedded Compute Accessible Interfaces Embedded Storage Sensors and Endpoints 23 2015 Cisco and/or its24、 affiliates.All rights reserved.Cisco Confidential Cisco 800系列路由器 丰富的功能集Layer-3 Layer-2(may only apply to IR829 Security Auto Media Device In/Media Device Cross Over 16 802.1Q VLANs,802.1d Spanning Tree,MAC filtering,Switched Port Analyzer(SPAN),Storm control,Smart ports,Secure MAC address,IGMPv3 sn25、ooping,802.1X L2TP and L2TPv3 tunnels,Data-Link Switching(DLSW)Anti-Counterfeit HW,Hardware accelerated DES,3DES,AES 128,AES 192,and AES 256 IPsec for IPv4&IPv6,IPsec stateful failover,VRF-aware IPsec,DMVPN,FlexVPN Cisco IOS Firewall(Zone-based policy firewall,VRF-aware stateful inspection routing f26、irewall,Stateful inspection transparent firewall,Advanced application inspection and control,Dynamic and static port security,Firewall stateful failover)IPv4&IPv6 Unicast and Multicast Routing protocols:IPv4&IPv6 Static route,OSPFv2 and OSPFv3,E-IGRP,MP-BGP,IKEv2 routes injection(FlexVPN)IPv4/IPv6 M27、ulticast(PIM,IGMP/MLD)Generic routing encapsulation(GRE)and multipoint GRE(MGRE)NAT44,NAT-PT,Dynamic DNS(DDNS),DNS Proxy,DNS Spoofing DHCP for IPv4 and IPv6(Server,Client,Relay and IPv6 Prefix Delegation)IPv4/IPv6 Access control lists(ACLs)Policy-Based Routing(PBR),Performance Routing(PfR),Next Hop 28、Resolution Protocol(NHRP)HSRP,VRRP,BFD,WCCP Manageability Application-awareness Quality of Services Linux Guest OS(FOG Computing),protocol translation(T101-T104,DNP3-DNP3/IP,VRF-aware),Raw Socket TCP and UDP(VRF-aware)Telnet,SNMPv3,Secure Shell(SSH)Protocol,CLI,HTTP/HTTPS,RADIUS and TACACS+,XML/CGNA29、/WSMA,Configuration rollback,EEM for WAN Monitoring,IP SLA,MIBs Low Latency Queuing(LLQ),Class-Based Weighted Fair Queuing(CBWFQ),Class-Based Traffic Shaping(CBTS),Class-Based Traffic Policing(CBTP),Class of service(CoS)to-differentiated services code point(DSCP)mapping,Class-Based Weighted Random E30、arly Detection(CBWRED),Network-Based Application Recognition(NBAR),Link fragmentation and interleaving(LFI),Resource Reservation Protocol(RSVP)Features may be dependent of platform and releases 24 2015 Cisco and/or its affiliates.All rights reserved.Cisco Confidential 思科智能加油站解决方案架构 企业WAN/互联网IPSec VP31、N 电话视频会议虚拟桌面瘦客户端智能终端/传感器监控摄像协作云桌面云总部/总部/二级单位二级单位 智能路由器AAA Portal 定位 大数据分析 O2O应用 无线控制器 无线云25 2015 Cisco and/or its affiliates.All rights reserved.Cisco Confidential 集成安全能力保证加油站的安全性高性能安全互联:加密VPN接入总部支持PKI秘钥系统专有硬件加密，不影响性能DES,3DES,AES 128,AES 192,and AES 256DMVPN技术保证加油站VPN的灵活部署安全访问控制Cisco IOS 防火墙:基于分区的策略32、防火墙状态监测防火墙高级应用监测与管控集成的入侵防护:IPS入侵防护系统控制平面保护COPPCisco Web 安全服务CWS私有云总部总部InternetCWS 加密VPN 阻断 攻击 基于云的web安全 26 2015 Cisco and/or its affiliates.All rights reserved.Cisco Confidential 集中管理简化运维多种集中式多种集中式、安全安全、远程管理远程管理 Telnet SNMPv1,v2 and v3,MIBs Secure Shell(SSH)Protocol HTTP/HTTPS RADIUS and TACACS+多种管理33、工具和管理功能多种管理工具和管理功能 Configuration rollback EEM for WAN Monitoring IP SLA GIS Open API 27 2015 Cisco and/or its affiliates.All rights reserved.Cisco Confidential 智能广域网技术保证应用性能 提高跨广域网应用性能 网络应用可视性 IP SLA/EEM技术简化网络运维管理 工业应用和协议的识别能力保证生产业务质量 多种队列技术、流量整形技术、分层QoS技术保证关键业务28 2015 Cisco and/or its affiliates.All rights reserved.Cisco Confidential 内 容 思科智能加油站解决方案思科物联网路由器介绍总结29 2015 Cisco and/or its affiliates.All rights reserved.Cisco Confidential 基于云技术的智能加油站解决方案工业级物联网站内路由器集成多种所需服务雾计算技术实现IT与OT的融合集成安全防护机制保证系统的安全可靠集中管理能力简化运维部署智能广域网技术保证关键业务的部署总结